Discourse Let's Encrypt Cert Renewal Failures

I'll get it again. I've also been testing with:

"/shared/letsencrypt"/acme.sh --renew-all --force --insecure --home "/shared/letsencrypt" --debug

with the same results.

2 Likes

HTTP/1.1 301 Moved Permanently
Server: nginx/1.21.3
Date: Mon, 27 Dec 2021 19:37:57 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://[site]/.well-known/acme-challenge/2pSLG_7W9sDrfIT-F2kM-0daQLNaKca1iI2Nwg6CejA

curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

2 Likes

Are you L30110 at the discourse forum?

If not, you may want to keep in touch over there.

I don't have any other suggestions than to visit acme.sh github or discourse forum. Perhaps someone else here will have some ideas. I wish you good luck.

PS: I would have preferred seeing -iLk but that's ok :slight_smile:

2 Likes

Receiving an HTTP redirect means "a missed opportunity".
You are better off handling the challenge requests in HTTP.

3 Likes

Here's -iLk:

HTTP/1.1 301 Moved Permanently
Server: nginx/1.21.3
Date: Mon, 27 Dec 2021 20:17:35 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive
Location: https://[site]/.well-known/acme-challenge/2pSLG_7W9sDrfIT-F2kM-0daQLNaKca1iI2Nwg6CejA

HTTP/2 200 
server: nginx
date: Mon, 27 Dec 2021 20:17:35 GMT
content-type: application/octet-stream
content-length: 87
last-modified: Mon, 27 Dec 2021 16:48:32 GMT
accept-ranges: bytes

2pSLG_7W9sDrfIT-F2kM-0daQLNaKca1iI2Nwg6CejA.vKA8FrKeyX8nJdc_2PzikCV_PLNTM5SEBXrmNKVtz3o

3 Likes
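
An added example, not part of the thread: a Python check that parses pasted `curl -iLk` output like the one above and reports the status chain, any redirect to HTTPS, and whether the final body is a well-formed key authorization for the requested token. The function name `analyze`, the host `forum.example` and the token and thumbprint values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the `curl -iLk` output above;
# host, token and thumbprint are placeholders, not values from the thread.
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Server: nginx
Location: https://forum.example/.well-known/acme-challenge/tok_EXAMPLE-123

HTTP/2 200 
content-type: application/octet-stream

tok_EXAMPLE-123.thumb_EXAMPLE-456
"""

def analyze(raw, token):
    """Summarise `curl -iL` output for one HTTP-01 challenge URL."""
    blocks = re.split(r"\r?\n\r?\n", raw.strip())
    hops, body = [], ""
    for i, block in enumerate(blocks):
        lines = block.splitlines() or [""]
        status = re.match(r"HTTP/\S+ (\d{3})", lines[0])
        if not status:
            # First block that is not a header block starts the final body.
            body = "\n\n".join(blocks[i:]).strip()
            break
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        hops.append((int(status.group(1)), headers))
    # Redirects that move the challenge fetch from port 80 onto the TLS listener.
    https_redirects = [
        h["location"] for code, h in hops
        if 300 <= code < 400 and urlsplit(h.get("location", "")).scheme == "https"
    ]
    final_code = hops[-1][0] if hops else None
    # RFC 8555 key authorization: "<token>.<base64url account-key thumbprint>"
    key_auth_ok = re.fullmatch(re.escape(token) + r"\.[A-Za-z0-9_-]+", body) is not None
    return {
        "status_chain": [code for code, _ in hops],
        "https_redirects": https_redirects,
        "served": final_code == 200 and key_auth_ok,
    }

if __name__ == "__main__":
    print(analyze(SAMPLE, "tok_EXAMPLE-123"))
```

A result with `served` true and a non-empty `https_redirects` list matches the situation in this thread: the challenge file is reachable, but only after a hop onto HTTPS.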

I'm just using the standard Discourse docker install for Let's Encrypt. Haven't altered it at all and it worked fine for over 2 years for renewals.

2 Likes

Unfortunately, it can (and should) alter itself - with any required updates (as they become available).

Perhaps one of them is to blame...

3 Likes

I just install the Discourse updates as they become available. I don't change anything in it myself other than routine configuration items.

3 Likes

This problem is solved. The underlying issue was poor connectivity through a tunnel providing a single IP address associated with the Discourse forum. While tests via other sites including external ones had not shown this, a recommended test via mobile did show the performance problem, which apparently was bad enough to prevent certificate renewals from completing (via the route that Let's Encrypt was using). This was straightforward to solve once the tunnel was indicated as the culprit, and a rebuild of the Discourse app immediately pulled in renewed certs, so back to full operation. Thanks all!

4 Likes

:partying_face:

Excellent!

Related Discourse Meta topic that led to solution:

5 Likes
